PolicyPak for Chrome Flags (like NPAPI)

PolicyPak for Chrome Flags (like NPAPI)

Hi. This is Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software. In this video, I’m going to show you how to enable NPAPI in Chrome Version 42 or later.

Now you could run around from machine to machine and do this manually, which is by going to a machine and typing in: “chrome://flags” and doing exactly what it says here. By way of example, you could go to “chrome://flags” and you could run around from machine to machine and find “Enable NPAPI” and click “Enable.”

The problem is, you have a lot of machines and you’re going to want a Group Policy way in order to accomplish that. That’s what I’m going to show you right now. I’m going to go ahead and close this out. I’ll close this out here too.

I’ll “Create a GPO in this domain, and link it here” with PolicyPak here, and I’ll call this “Enable NPAPI (or any Chrome Flag) using PolicyPak App Manager.” If I right click here and click “Edit” here, we have preconfigured Paks for just about every application you can possibly imagine.

For instance, if I want to go to user side, “PolicyPak/Application Manager” here and select “New Application” and pick “PolicyPak for Google Chrome Flags,” we’ve got a Pak just for the Chrome Flags. We’ve got them broken out into about 20 for each tab or so. The one you’re after is probably here, “Enable NPAPI.” We’ll go ahead and click “Enable NPAPI” here, and that’s going to set it.

We’ll just stop right here and go ahead and click OK. That will input the data into the Group Policy Object. We’ll go over to our target machine. We’ll run GP Update on the target machine, and we’ll see if our settings took effect.

Now that that’s almost done here, we’ll go ahead and close this out and we’ll go ahead and rerun “Google Chrome.” If we go back to “chrome://flags” here, we will see that “Enable NPAPI” has been delivered to all your users. You could do this on all computers or users, whichever you choose. That’s the first thing.

What’s interesting though is that if a user decides they want to uncheck this or revert out of this (by selecting “Disable”) I’m going to show you a technique where even if they do this and relaunch, you’ll see that there’s no way for them to get around it. I’m going to show you how to do that.

The next step, all you would need to do is to go into the Flags entry here and you would right click and “Perform ACL Lockdown.” This is going to take ownership of the file even though the user would normally own it. So we’re delivering these settings.

In this case now, we’ll just simply rerun GP Update. Again, this is going to lock the file so the user, no matter what they try to do, you own the file, not them, and in this case they are protected from themselves or from something more naughty than themselves.

Okay, we’re done with that. We’ll go ahead and close that out. We’ll rerun “Google Chrome” here. Let’s take a look. If we go to “chrome://flags,” the first thing is that you can see that it has been reconfigured. But if a user tries to work around it and maybe tries to do some other things they shouldn’t do and be super naughty and then relaunches Chrome (“Relaunch Now”), if we go ahead and take a look at “chrome://flags,” we’ll see that none of the user settings have been accepted and the stuff that you set, for instance, “Enable NPAPI,” is the only thing that is declared.

Because you’ve taken ownership of the file, the user can’t work around it. PolicyPak and Group Policy or PolicyPak and SCCM have delivered the settings you want to all of your client machines. I hope that gives you a quick tutorial of how to use the PolicyPak Pak for Chrome Flags. If you’re looking to get started, it’s part of the download.